package org.carewebframework.security.spring;

import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.carewebframework.api.alias.AliasType;
import org.carewebframework.api.alias.AliasTypeRegistry;
import org.carewebframework.api.context.ContextManager;
import org.carewebframework.api.context.IContextManager;
import org.carewebframework.api.domain.IUser;
import org.carewebframework.api.security.ISecurityService;
import org.carewebframework.ui.Application;
import org.carewebframework.ui.FrameworkWebSupport;
import org.springframework.beans.propertyeditors.StringArrayPropertyEditor;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.User;
import org.springframework.util.ObjectUtils;
import org.zkoss.zk.ui.Desktop;

/* loaded from: input_file:WEB-INF/lib/org.carewebframework.security.spring.core-3.1.0.jar:org/carewebframework/security/spring/AbstractSecurityService.class */
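/**
 * Base {@link ISecurityService} implementation backed by the Spring Security context.
 *
 * <p>Provides logout redirection, authentication checks against the current
 * {@link SecurityContextHolder} context, and authority checks that fall back to the
 * registered authority aliases.
 */
public abstract class AbstractSecurityService implements ISecurityService {
    private static final Log log = LogFactory.getLog(AbstractSecurityService.class);

    // Template appended to Constants.LOGOUT_URI on logout; any "%target%" and "%message%"
    // placeholders in it are substituted with URL-encoded values (see logout).
    private String logoutTarget = Constants.LOGOUT_TARGET;

    // Alias registry consulted when an authority is not granted directly.
    private final AliasType authorityAlias = AliasTypeRegistry.getType(ISecurityService.ALIAS_TYPE_AUTHORITY);

    /**
     * Returns the authentication held by the current Spring Security context.
     *
     * @return the current authentication; callers in this class treat {@code null} as
     *         "no authentication context"
     */
    public static Authentication getAuthentication() {
        return SecurityContextHolder.getContext().getAuthentication();
    }

    /**
     * Stores the logout target and logout message in cookies.
     *
     * @param str the logout target; {@code "/"} is stored when {@code null}
     * @param str2 the logout message; {@code "Application logged out."} is stored when
     *        {@code null}
     */
    protected static void setLogoutAttributes(String str, String str2) {
        setCookie(Constants.LOGOUT_WARNING_ATTR, str2, "Application logged out.");
        setCookie(Constants.LOGOUT_TARGET_ATTR, str, "/");
    }

    /**
     * Sets a cookie, substituting a default when the value is {@code null}.
     *
     * @param str the cookie name
     * @param str2 the cookie value, possibly {@code null}
     * @param str3 the value used when {@code str2} is {@code null}
     */
    private static void setCookie(String str, String str2, String str3) {
        String effectiveValue = str2 != null ? str2 : str3;
        FrameworkWebSupport.setCookie(str, effectiveValue);
    }

    /**
     * Reads a logout attribute cookie and then resets that cookie to {@code null}, so the
     * value is consumed by the read.
     *
     * <p>The decompiler reported that this method's access was widened from protected; it
     * is kept public here so existing callers are unaffected.
     *
     * <p>NOTE(review): the value presumably comes from a cookie sent by the browser, so it
     * is client-controlled. A caller that redirects to it or renders it should validate the
     * target (same-application path) and escape the message — confirm against the callers.
     *
     * @param str the cookie name
     * @param str2 the value returned when the cookie is missing or empty
     * @return the cookie value, or {@code str2} when the cookie is missing or empty
     */
    public static String getLogoutAttribute(String str, String str2) {
        String stored = FrameworkWebSupport.getCookieValue(str);
        FrameworkWebSupport.setCookie(str, null);
        if (StringUtils.isEmpty(stored)) {
            return str2;
        }
        return stored;
    }

    /**
     * Resets the shared context and, if that succeeds or the logout is forced, redirects
     * the desktop to the logout URI.
     *
     * @param z when {@code true}, the logout proceeds even if the context reset reports
     *        failure
     * @param str the logout target substituted for {@code %target%}; when {@code null} the
     *        current request URL with its parameters is used
     * @param str2 the logout message substituted for {@code %message%}; may be {@code null}
     * @return {@code true} if the logout redirect was issued
     */
    @Override // org.carewebframework.api.security.ISecurityService
    public boolean logout(boolean z, String str, String str2) {
        log.trace("Logging Out");
        IContextManager contextManager = ContextManager.getInstance();
        // Evaluation order matters: reset(z) must run before the forced flag short-circuits.
        boolean proceed = contextManager == null || contextManager.reset(z) || z;
        if (!proceed) {
            return false;
        }

        String target = str;
        if (target == null) {
            try {
                target = FrameworkWebSupport.addQueryString(FrameworkWebSupport.getRequestUrl(),
                        FrameworkWebSupport.getRequestParams());
            } catch (Exception e) {
                // Best effort: with no derivable target the cookie falls back to "/" and the
                // %target% placeholder is replaced with an empty string.
                log.debug("Unable to derive logout target from the current request.", e);
            }
        }

        // NOTE(review): the derived target reflects the current request URL and parameters.
        // It is URL-encoded below, but whatever consumes %target% or the target cookie after
        // logout should still restrict it to same-application locations — confirm downstream.
        setLogoutAttributes(target, str2);
        Desktop desktop = FrameworkWebSupport.getDesktop();
        log.debug("Redirecting Desktop to logout filter URI: " + desktop);
        String withTarget = replaceParam(this.logoutTarget, "%target%", target);
        String withMessage = replaceParam(withTarget, "%message%", str2);
        desktop.getExecution().sendRedirect(Constants.LOGOUT_URI + withMessage);
        Application.getInstance().register(desktop, false);
        return true;
    }

    /**
     * Replaces a placeholder in a template with the URL-encoded form of a value.
     *
     * <p>The replacement is initialised to the empty string so it is always definitely
     * assigned. If encoding fails, the placeholder is replaced with the empty string; the
     * raw, unencoded value is never written into the redirect URL.
     *
     * @param str the template
     * @param str2 the placeholder to look for
     * @param str3 the value to encode and insert; {@code null} inserts an empty string
     * @return the template with every occurrence of the placeholder replaced
     */
    private String replaceParam(String str, String str2, String str3) {
        if (!str.contains(str2)) {
            return str;
        }
        String encoded = "";
        if (str3 != null) {
            try {
                encoded = URLEncoder.encode(str3, "UTF-8");
            } catch (UnsupportedEncodingException e) {
                log.error("Error encoding parameter value.", e);
            }
        }
        return str.replace(str2, encoded);
    }

    /**
     * Registers an alias for an authority name.
     *
     * @param str first argument passed to the alias registry (presumably the authority
     *        name — confirm against {@code AliasType.register})
     * @param str2 second argument passed to the alias registry (presumably the alias)
     */
    @Override // org.carewebframework.api.security.ISecurityService
    public void setAuthorityAlias(String str, String str2) {
        this.authorityAlias.register(str, str2);
    }

    /**
     * Reports whether the current context holds a named, non-anonymous principal.
     *
     * <p>A principal that is neither a {@code String} nor a Spring {@link User} (including a
     * {@code null} principal) is treated as not authenticated instead of failing with a
     * {@code ClassCastException} or {@code NullPointerException}.
     *
     * <p>NOTE(review): only the principal name is inspected here;
     * {@code Authentication.isAuthenticated()} is not consulted — confirm that is intended.
     *
     * @return {@code true} if a principal name is present and differs from
     *         {@code Constants.ANONYMOUS_USER}
     */
    @Override // org.carewebframework.api.security.ISecurityService
    public boolean isAuthenticated() {
        Authentication authentication = getAuthentication();
        if (authentication == null) {
            return false;
        }
        Object principal = authentication.getPrincipal();
        String username;
        if (principal instanceof String) {
            username = (String) principal;
        } else if (principal instanceof User) {
            username = ((User) principal).getUsername();
        } else {
            // Unknown or missing principal type: fail closed.
            return false;
        }
        return username != null && !username.equals(Constants.ANONYMOUS_USER);
    }

    /**
     * Returns the user attached to the current authentication's details.
     *
     * @return the user stored under {@code CWFAuthenticationDetails.ATTR_USER}, or
     *         {@code null} when there is no authentication or its details are not
     *         {@code CWFAuthenticationDetails}
     */
    @Override // org.carewebframework.api.security.ISecurityService
    public IUser getAuthenticatedUser() {
        Authentication authentication = getAuthentication();
        if (authentication == null) {
            return null;
        }
        Object details = authentication.getDetails();
        if (!(details instanceof CWFAuthenticationDetails)) {
            return null;
        }
        return (IUser) ((CWFAuthenticationDetails) details).getDetail(CWFAuthenticationDetails.ATTR_USER);
    }

    /**
     * Reports whether the current user holds the {@code Constants.PRIV_DEBUG} authority.
     *
     * @return {@code true} if the debug authority is granted
     */
    @Override // org.carewebframework.api.security.ISecurityService
    public boolean hasDebugRole() {
        return isGranted(Constants.PRIV_DEBUG);
    }

    /**
     * Reports whether a single authority is granted to the current authentication.
     *
     * @param str the authority name
     * @return {@code true} if the authority, or an alias of it, is granted
     */
    @Override // org.carewebframework.api.security.ISecurityService
    public boolean isGranted(String str) {
        return isGranted(str, getAuthentication());
    }

    /**
     * Checks a separator-delimited list of authorities against the current authentication.
     *
     * <p>With {@code z == true} every non-empty entry must be granted; with
     * {@code z == false} one granted entry is enough. Entries are not trimmed before the
     * comparison.
     *
     * <p>NOTE(review): a list with no non-empty entries (for example an empty string)
     * returns {@code z}, so it counts as granted when {@code z} is {@code true}. Confirm
     * callers never pass an unintentionally empty requirement.
     *
     * @param str the authorities, separated by {@code StringArrayPropertyEditor.DEFAULT_SEPARATOR}
     * @param z {@code true} to require all entries, {@code false} to require any one
     * @return the result of the check; {@code false} when there is no authentication or
     *         {@code str} is {@code null}
     */
    @Override // org.carewebframework.api.security.ISecurityService
    public boolean isGranted(String str, boolean z) {
        Authentication authentication = getAuthentication();
        if (authentication == null) {
            log.info("Authentication context was null during check for granted authorities '" + ObjectUtils.nullSafeToString(str) + "'.");
            return false;
        }
        if (str == null) {
            return false;
        }
        for (String authority : str.split(StringArrayPropertyEditor.DEFAULT_SEPARATOR)) {
            if (authority.isEmpty()) {
                continue;
            }
            // The first entry whose result differs from the mode decides the outcome.
            if (isGranted(authority, authentication) != z) {
                return !z;
            }
        }
        return z;
    }

    /**
     * Checks one authority against an authentication, following authority aliases.
     *
     * <p>The alias chain is walked iteratively and each name is visited once, so a
     * self-referencing or cyclic alias registration ends the lookup with {@code false}
     * instead of recursing until the stack overflows. A blank name is not granted;
     * {@link SimpleGrantedAuthority} rejects blank text, so it is never constructed for one.
     *
     * @param str the authority name
     * @param authentication the authentication to check; {@code null} yields {@code false}
     * @return {@code true} if the authority or one of its aliases is granted
     */
    private boolean isGranted(String str, Authentication authentication) {
        if (authentication == null) {
            log.info("Authentication context was null during check for granted authority '" + str + "'.");
            return false;
        }
        java.util.Set<String> visited = new java.util.HashSet<String>();
        String candidate = str;
        while (!StringUtils.isBlank(candidate) && visited.add(candidate)) {
            if (authentication.getAuthorities().contains(new SimpleGrantedAuthority(candidate))) {
                return true;
            }
            candidate = this.authorityAlias.get(candidate);
        }
        return false;
    }

    /**
     * Reports why login is disabled, if it is.
     *
     * @return always {@code null} in this base implementation
     */
    @Override // org.carewebframework.api.security.ISecurityService
    public String loginDisabled() {
        return null;
    }

    /**
     * Returns the logout target template.
     *
     * @return the template appended to {@code Constants.LOGOUT_URI} on logout
     */
    public String getLogoutTarget() {
        return this.logoutTarget;
    }

    /**
     * Sets the logout target template.
     *
     * @param str the new template; {@code null} or empty restores
     *        {@code Constants.LOGOUT_TARGET}
     */
    public void setLogoutTarget(String str) {
        this.logoutTarget = StringUtils.isEmpty(str) ? Constants.LOGOUT_TARGET : str;
    }
}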
